package cn.chencq.moudle.sys.service.impl;

import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import cn.chencq.constants.Constants;
import cn.chencq.exception.MyException;
import cn.chencq.moudle.sys.dao.BaseDao;
import cn.chencq.moudle.sys.dao.SysUserDao;
import cn.chencq.moudle.sys.entity.SysUser;
import cn.chencq.moudle.sys.service.SysRoleService;
import cn.chencq.moudle.sys.service.SysUserRoleService;
import cn.chencq.moudle.sys.service.SysUserService;

@Service
public class SysUserServiceImpl extends BaseServiceImpl<SysUser> implements SysUserService {

	@Autowired
	private SysUserDao sysUserDao;

	@Autowired
	private SysUserRoleService sysUserRoleService;

	@Autowired
	private SysRoleService sysRoleService;

	@Override
	protected BaseDao getBaseDao() {
		return sysUserDao;
	}

	@Override
	public SysUser queryByUserName(String userName) {
		return sysUserDao.selectByUserName(userName);
	}

	@Override
	@Transactional
	public boolean updatePassword(Long userId, String password, String newPassword) {
		Map<String, Object> map = new HashMap<String, Object>();
		map.put("userId", userId);
		map.put("password", password);
		map.put("newPassword", newPassword);
		return sysUserDao.updatePassword(map) > 0;
	}

	@Override
	@Transactional
	public void save(SysUser user) {
		// 检查角色是否越权
		checkRole(user);

		user.setCreateTime(new Date());
		// sha256加密
		String salt = RandomStringUtils.randomAlphanumeric(20);
		user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
		user.setSalt(salt);
		sysUserDao.save(user);

		// 保存用户与角色关系
		sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
	}

	/**
	 * 检查角色是否越权
	 */
	private void checkRole(SysUser user) {
		// 如果不是超级管理员，则需要判断用户的角色是否自己创建
		if (user.getCreateUserId() == Constants.SUPER_ADMIN) {
			return;
		}

		// 查询用户创建的角色列表
		List<Long> roleIdList = sysRoleService.queryRoleIdList(user.getCreateUserId());

		// 判断是否越权
		if (!roleIdList.containsAll(user.getRoleIdList())) {
			throw new MyException("新增用户所选角色，不是本人创建");
		}
	}

	@Override
	public void updateUser(SysUser user) {
		if (StringUtils.isBlank(user.getPassword())) {
			user.setPassword(null);
		} else {
			user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
		}
		sysUserDao.updateByPrimaryKey(user);

		// 检查角色是否越权
		checkRole(user);

		// 保存用户与角色关系
		sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
	}

	@Override
	public List<Long> queryAllMenuId(Long userId) {
		return sysUserDao.queryAllMenuId(userId);
	}

	@Override
	public List<String> queryAllPermsByUserId(Long userId) {
		return sysUserDao.queryAllPermsByUserId(userId);
	}
}
